Detections
Analytics

CSCv6|3.1

Title

Establish standard secure configurations of operating systems and software applications.

Description

Establish standard secure configurations of operating systems and software applications. Standardized images should represent hardened versions of the underlying operating system and the applications installed on the system. These images should be validated and refreshed on a regular basis to update their security configuration in light of recent vulnerabilities and attack vectors.

Reference Item Details

Category: Secure Configurations for Hardware and Software

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
0. Check if file @PHP_INI_LOC@ exists. Should fail if @PHP_INI_LOC@ does not existUnixOWASP PHP Best Practice
1.0.2 Use IP address rather than hostname - 'db2system = IP'UnixCIS IBM DB2 OS L1 v1.2.0
1.1 - SerializedSystemIni.dat Password File is not ProtectedUnixTNS Oracle WebLogic Server 11 Linux Best Practices
1.1 - SerializedSystemIni.dat Password File is not ProtectedWindowsTNS Oracle WebLogic Server 11 Windows Best Practices
1.1 Create a separate partition for containersUnixCIS Docker 1.6 v1.0.0 L1 Linux
1.1 Default Install Files - '/IISHelp'WindowsCIS IIS 6.0 v1.0.0
1.1 Default Install Files - '/iissamples'WindowsCIS IIS 6.0 v1.0.0
1.1 Default Install Files - '/Printers'WindowsCIS IIS 6.0 v1.0.0
1.1 Default Install Files - '/scripts'WindowsCIS IIS 6.0 v1.0.0
1.1 Ensure Web Content Is on Non-System PartitionWindowsCIS IIS 7 L1 v1.8.0
1.1 Ensure Web Content Is on Non-System PartitionWindowsCIS IIS 8.0 v1.5.0 Level 1
1.1.1 Create Separate Partition for /tmpUnixCIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.1 Ensure mounting of squashfs filesystems is disabled - modprobeUnixCIS Aliyun Linux 2 L1 v1.0.0
1.1.1 Ensure Web Content Is on Non-System PartitionWindowsCIS IIS 8.0 v1.4.0 Level 1
1.1.1 Ensure Web Content Is on Non-System PartitionWindowsCIS IIS 7.0 L1 v1.7.1
1.1.1 Ensure Web Content Is on Non-System PartitionWindowsCIS IIS 7.5 L1 v1.7.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixCIS Amazon Linux v2.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixCIS SUSE Linux Enterprise Server 12 L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixCIS SUSE Linux Enterprise Server 11 L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixCIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixHuawei EulerOS 2 Server L1 v1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixHuawei EulerOS 2 Workstation L1 v1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabledUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/*UnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.confUnixCIS Oracle Linux 6 Server L1 v1.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.confUnixCIS CentOS 6 Server L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.confUnixCIS CentOS 6 Workstation L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.confUnixCIS Oracle Linux 6 Workstation L1 v1.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.confUnixCIS Amazon Linux v2.1.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Oracle Linux 7 Workstation L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Oracle Linux 7 Server L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Debian Family Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS CentOS 6 Workstation L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 8 Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Server L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat EL8 Workstation L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat 6 Workstation L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat EL8 Server L1 v1.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Ubuntu Linux 20.04 LTS Workstation L1 v1.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS CentOS 6 Server L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 7 Workstation L1 v3.0.0
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Oracle Linux 8 Server L1 v1.0.1
1.09 Windows Program Folder Permissions - 'Verify and set permissions'WindowsCIS v1.1.0 Oracle 11g OS Windows Level 1